
How to inject secrets from Google Secret Manager into Kubernetes Pod as environment variable?

I'm trying to inject my secrets from Google Secret Manager into Kubernetes Pod as environment variable.

I need to put it as an environment variable so my NodeJS application can read it.

I tried the solution from "How to inject secret from Google Secret Manager into Kubernetes Pod as environment variable?" but it did not work for me.

Also I tried to set up an init container, but it put the secrets as files into the pod.

Any idea?

Thanks

You can do something like this during the Cloud Build step.

steps:
- name: '<secrets_to_configmap>'
  entrypoint: 'bash'
  args: ['USERNAME=$$USERNAME', 'PASSWORD=$$PASSWORD']
  secretEnv: ['USERNAME', 'PASSWORD']
availableSecrets:
  secretManager:
  - versionName: projects/PROJECT_ID/secrets/SECRET_NAME/versions/SECRET_VERSION
    env: 'PASSWORD'
  - versionName: projects/PROJECT_ID/secrets/SECRET_NAME/versions/SECRET_VERSION
    env: 'USERNAME'

The docker image secrets_to_configmap will take the secrets from Secret Manager and create configmaps which pods can use.

Reference

Check out https://github.com/GoogleCloudPlatform/secrets-store-csi-driver-provider-gcp . It's a CSI driver for mounting Secret Manager secrets.
